SECURITY REDEFINED. Jenny Kalenderidis RSA Regional Director, UK & Ireland. Copyright 2014 EMC Corporation. All rights reserved.
2 SECURITY REDEFINED
Jenny Kalenderidis, RSA Regional Director, UK & Ireland
3 Agenda
- 09:30 Brian Fitzgerald: "Security Redefined: Managing risk and securing the business in the age of the third platform"
- 09:50 Dave Martin: "Tales From The Front Lines: Actionable Strategies for An Intelligence-Driven Security Program"
4 Agenda
- 10:25 Richard Knowlton: "Insights into the business and security challenges Vodafone is facing today and tomorrow"
- 11:00 Coffee Break (Thames Suite, Level 1)
5 THANK YOU TO OUR SPONSORS
6 Agenda
- 11:30 Breakout Sessions (Plaza Suite, Level -4)
  Tracks: Security Operations; Identity & Access Management; Fraud & Risk Intelligence; GRC; Channel
  Rooms: Ballroom; Plaza 1 & 2; Plaza 6 & 7; Plaza 8; Plaza 9 & 10
- 12:40 Networking Lunch (Thames Suite, Level 1)
7 Agenda
- 13:40 Breakout Sessions (Plaza Suite, Level -4)
- 15:25 Coffee Break (Thames Suite, Level 1)
- 15:55 Patrick Curry, CEO MACCSA: "What do you need to know?"
- 16:30 Panel Debate and Closing Remarks
8 RSA Twitter Selfie Competition
- How to enter: Tweet a security-related selfie using #RSASummit during the event! The most creative selfie will win the prize!
- The Prize: An iPad Mini Retina
- The winner will be announced at the RSA stand during the drinks reception.
10 SECURITY REDEFINED
Managing risk and securing the business in the age of the third platform
11 Seasonal Affective Disorder (SAD). I Hate Winter!
14 Restless Leg Syndrome. Fidgety in Bed
17 Stressed Out? Frustrated with Users? Can't Sleep? Feelings of Despair? Your Job.
18 [Figure: the three computing platforms. Source: IDC, 2012]
- 1970: Mainframe, Mini Computer; Terminals; millions of users, thousands of apps
- 1990: PC, Client/Server; LAN/Internet; hundreds of millions of users, tens of thousands of apps
- 2010: Mobile, Cloud, Big Data, Social; Mobile Devices; billions of users, millions of apps
19 A New Security World
- It will become increasingly difficult to secure infrastructure
- We must focus on people, the flow of data and on transactions
20 A New Security Approach Is Required
- 2nd Platform (LAN/Internet; PC, Client/Server): IT-controlled, perimeter-bound, prevention, signature-based
- 3rd Platform (Mobile, Cloud, Big Data, Social; Mobile Devices): user-centric, borderless, detection, intelligence-driven
21 Intelligence is the Game Changer
22 RSA's Focus Areas
- Advanced Security Operations: Detecting and Stopping Advanced Threats
- Governance, Risk, & Compliance: Understanding and Managing Organizational Risk
- Identity & Access Management / Identity & Data Protection: Securing the Interactions Between People and Information
- Fraud & Risk Intelligence: Preventing Online Fraud and Cybercrime
24 Actionable Strategies for An Intelligence-Driven Security Program
Dave Martin, VP & CSO, EMC
25 The gap continues to widen
- Business wants faster, agile, cheaper
- But keep us safe
- IT not the only partner
- IT is having an identity crisis
- The foundations are shaky
- Technology change relentless: mobile, cloud, big data
- Platforms, M&A
- Changing compliance & standards
- Privacy
- Critical Infrastructure
- Attackers are getting smarter, sharing and now some want to destroy you
26 Complexity will be the rule
- Software Defined Networking / Data Centers
- You think it's hard to track assets now, just wait
- Mobile really will be first
- Pervasive access to everything, from everywhere, from everything
- BYO Device, Network, Data, Analytics, Security
- Commercial Internet of Things
27 Big is going to get BIGGER
- Data is going to get BIG
- Are you ready for a Data Lake?
- Traffic volume is going to get BIG
- Can you build a big enough gateway?
- Can you afford the internal bandwidth?
- Will you see the traffic? Understand it?
28 The Kill Chain now has a bad ending
- Recovering from a disruptive attack will mean going far beyond traditional resiliency
- They will know your DR, failover is not enough
- How will you rebuild, restore when:
- Your primary and DR is gone?
- 75% of your end points?
- DNS? AD?
29 Ways to stay ahead
Or maybe: How to not drown
30 Establish core tenets
- Traditional weapons are not going to work: don't be the cavalry, those are tanks
- Raise the bar & don't make it easy
- Prevention in small doses, detection is key
- What gives you visibility makes you stronger
- When you detect, strike quickly & effectively
- When you miss, be ready to recover
31 Be thoughtful & surgical
- Think closely about control decisions
- What other behaviors are you encouraging or creating?
- Are they worse than the original risk?
- Carrots are more effective than sticks
- One size still doesn't fit all
- Don't boil the ocean
- Perfection is a lost cause
- How do you have the largest risk impact?
- Target high value assets
- People, Process, Data, Geography
- Largest population
32 Communicate & Educate
- Be transparent: let people know WHY
- Make it personal
- Do it often & with data
- Business relationships
- Change in the C suite?
- Power is shifting
33 Use Leverage
- Trojan horse security through other projects
- SSO
- Embrace change
- Automation
- Mobility
- Software Defined Networks
- Data Center
34 Areas of focus
Enough with the rhetoric & clichés
35 Identity
- Provisioning & Onboarding
- Role management
- Map identity into log streams
- Profiling, map users to: Devices, Applications, Sites, Patterns
36 Data
- DLP isn't the final word
- Consider data bankruptcy
- Focus on visibility & analytics
- High value asset
- Point of creation or storage
- Visibility at the large end point
- Contain where possible: mobile & virtual
- Leverage Master Data Management programs
- Define data owners & criticality
- Evaluate data categorization technology
37 Customer Experience
- They have many choices and security isn't on their list
- Offer enterprise versions of consumer services
- Can you trade experience for visibility?
- Provide for safe open access
- Leverage SSO to better map identity
38 Supply Chain & Third Party Risk
- Understand supply chains
- Enforce contracted policies
- Network Access Control
- Reduce Access
- Virtual Desktops
- Review privilege
- Third party risk services
39 Incident Detection & Response
40 Resiliency & Recovery
- Non traditional DDoS targets
- Table top based on known attacks
- Threat model based on existing Business Impact Analysis
- Start with basic recovery plans
- Organization & structure
- Out of band communications
- Heterogeneous is good
43 Richard Knowlton, Vodafone Group Corporate Security Director